Sign up for our weekly security newsletter

Malware Creator behind Bars for DDOS Attacks

Artur Boiko, 44, a man from Estonia, has been imprisoned for two years and seven months after being accused of using malware to start a distributed denial of service (DDOS) attack against a local insurance firm.

The reports state that Boiko refused the charges the court declared him guilty, but the prosecutors convinced the jury that he became a malware creator during late 2006 to take revenge against insurance company IF, after a dispute over a discarded insurance claim of a car accident.

However, the attacks that Allaple malware launched had a devastating effect on the compromised sites during early 2007. This series of attacks preceded much bigger attacks on the Estonian government and websites of banks that escorted the relocation of memorials and graves of the Soviet-era war in April 2007.

The virus employs complex encryption and propagates while changing HTML files. The virus spreads to more systems as the customized files are implanted on sites. The compromised systems are not connected in a conventional 'control server botnet' style. They instead continue to independently begin launching continuous attacks till the infection is removed from the system.

The code tries to make a DDOS attack on IF's website as well as the service provider hosting it.

According to Mikko Hypponen, chief research officer of F-Secure, as of now, there are several active, infected systems worldwide, and they are still making attacks. The worm continues to propagate, as per the news published by V3.co.uk on March 12, 2010.

The accused Boiko, who has served one year seven months on remand expecting trial, was charged for creating several kinds of the worm, an annoying aspect in the offence, which well explains the hard punishment he got for the crimes he committed.

The court even dictated him to compensate for the damage and problem he caused in terms of huge penalties. A judge commanded him to pay 5.1 Million Estonian Kroons ($450,000) to IF insurance, and ISP 1.4 Million Estonian Kroons ($130,000) to Starman as reimbursement.

Graham Cluley, senior technology consultant for Sophos, said that 2.5 years of imprisonment and $580,000 for damages appear to him as a reason major enough to refrain from developing a malware, as per the news published by V3.co.uk on March 12, 2010.